
8828 matches found

Packet Storm
added 2015/09/28 12:00 a.m. | 22 views

My.WiFi USB Drive 1.0 File Inclusion

Document Title: My.WiFi USB Drive v1.0 iOS - File Include Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1589 Release Date: 2015-09-24. Vulnerability Laboratory ID (VL-ID): 15...

7.4 AI score
Exploits: 0
exploitpack
added 2015/09/28 12:00 a.m. | 10 views

My.WiFi USB Drive 1.0 iOS - Local File Inclusion

Document Title: My.WiFi USB Drive v1.0 iOS - File Include Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1589 Release Date: 2015-09-24. Vulnerability Laboratory ...

7.1 AI score
Exploits: 0
0day.today
added 2015/09/22 12:00 a.m. | 27 views

Air Drive Plus 2.4 - Arbitrary File Upload Vulnerability

Exploit for iOS platform in category web applications. Document Title: Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability. Product & Service Introduction: Turn your iPhone, iPod touch, and iPad into a wireless disk. Share your files and...

6.9 AI score
Exploits: 0
Exploit DB
added 2015/09/22 12:00 a.m. | 42 views

Air Drive Plus 2.4 - Arbitrary File Upload

Document Title: Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1597 Release Date: 2015-09-21. Vulnerability Laboratory ID (VL-ID):...

7.4 AI score
Exploits: 0
CNVD
added 2015/08/28 12:00 a.m. | 1 views

Libunwind One Error Vulnerability

libunwind is a library that provides basic stack unwinding functionality for programs based on 64-bit CPUs and operating systems. It includes APIs for exporting stack traces, APIs for programmatically unwinding the stack, and APIs to support C++ exception handling mechanisms. An off-by-one error...

3.3 CVSS | 6.9 AI score | 0.00089 EPSS
Exploits: 1 | References: 1
OSV
added 2015/08/26 7:59 p.m. | 1 views

DEBIAN-CVE-2015-3239

Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes...

3.3 CVSS | 6.5 AI score | 0.00089 EPSS
Exploits: 1 | References: 1
Prion
added 2015/08/18 6:00 p.m. | 9 views

Design/Logic Flaw

The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impac...

6.8 CVSS | 7.3 AI score | 0.00559 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
exploitpack
added 2015/07/15 12:00 a.m. | 19 views

Joomla! Component com_docman - Multiple Vulnerabilities

Joomla docman Component 'com_docman' Full Path Disclosure (FPD) & Local File Disclosure/Include (LFD/LFI). CWE: CWE-200 (FPD), CWE-98 (LFI/LFD). Risk: High. Author: Hugo Santiago dos Santos. Contact: [email protected] Date: 13/07/2015. Vendor Homepage:...

0.4 AI score
Exploits: 0
Metasploit
added 2015/07/02 8:29 p.m. | 78 views

HTTP Client Automatic Exploiter 2 (Browser Autopwn)

This module will automatically serve browser exploits. Here are the options you can configure: The INCLUDE_PATTERN option allows you to specify the kind of exploits to be loaded. For example, if you wish to load just Adobe Flash exploits, then you can set Include to 'adobe_flash'. The EXCLUDE_PATTER...

6.7 AI score
Exploits: 0
UbuntuCve
added 2015/06/23 12:00 a.m. | 33 views

CVE-2015-3412

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as...

5.3 CVSS | 6.9 AI score | 0.01006 EPSS
Exploits: 1 | References: 4
OSV
added 2015/06/09 12:00 a.m. | 1 views

UBUNTU-CVE-2015-4025

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to 1...

7.5 CVSS | 7.2 AI score | 0.07947 EPSS
Exploits: 1 | References: 3
securityvulns
added 2015/06/08 12:00 a.m. | 82 views

AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability

Exploit Title: AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability. Date: 2015/06/07. Vendor Homepage: http://dg.no.sapo.pt/ Software Link: http://dg.no.sapo.pt/AnimaGallery2.6.zip Version: 2.6. Tested on: Centos 6.5, php 5.3.2, magic_quotes_gpc=off. Category: webapps...

0.3 AI score
Exploits: 0
Patchstack
added 2015/06/08 12:00 a.m. | 5 views

WordPress WP Mobile Edition Plugin - Local File Include

WP Mobile Edition plugin is prone to a local file include vulnerability. It allows an attacker to view files and execute local scripts in the context of the web server process. Solution: Upgrade the plugin...

2.5 AI score
Exploits: 0 | References: 1 | Affected Software: 1
0day.today
added 2015/06/06 12:00 a.m. | 24 views

Wordpress Really Simple Guest Post <= 1.0.6 - File Include Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Really Simple Guest Post File Include Google Dork: inurl:"really-simple-guest-post" intitle:"index of" Date: 04/06/2015 Exploit Author: Kuroi'SH Software Link: https://wordpress.org/plugins/really-simple-guest-post/...

7.1 AI score
Exploits: 0
wpexploit
added 2015/06/06 12:00 a.m. | 17 views

SE HTML5 Album Audio Player <= 1.1.0 - Local File Include

The se-html5-album-audio-player v1.1.0 plugin for WordPress has a local file include vulnerability. The downloadaudio.php file does not check to see if the user is authenticated; it only attempts to check if the path is in /wp-content/uploads, which is easily defeated with ../...

5 CVSS | 1.3 AI score | 0.09051 EPSS
Exploits: 4 | References: 4
WPVulnDB
added 2015/06/06 12:00 a.m. | 19 views

SE HTML5 Album Audio Player <= 1.1.0 - Local File Include

The se-html5-album-audio-player v1.1.0 plugin for WordPress has a local file include vulnerability. The downloadaudio.php file does not check to see if the user is authenticated; it only attempts to check if the path is in /wp-content/uploads, which is easily defeated with ../. PoC...

5 CVSS | 0.1 AI score | 0.09051 EPSS
Exploits: 4 | References: 4 | Affected Software: 1
Patchstack
added 2015/06/05 12:00 a.m. | 10 views

WordPress Really Simple Guest Post Plugin <= 1.0.6 - File Include

Because of this vulnerability, an attacker can directly access the URL /wp-content/plugins/really-simple-guest-post/simple-guest-post-submit.php and send POST data. Solution: Update the plugin...

2.6 AI score
Exploits: 0 | References: 1 | Affected Software: 1
WPVulnDB
added 2015/06/05 12:00 a.m. | 7 views

Really Simple Guest Post Plugin <= 1.0.6 - File Include

The really-simple-guest-post WordPress plugin was affected by a File Include security vulnerability...

2.4 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Kitploit
added 2015/06/04 4:10 p.m. | 19 views

PentestBox - Portable Penetration Testing Distribution for Windows Environments

PentestBox is not like other penetration testing distributions, which run on virtual machines. It was created because more than 50% of penetration testing distribution users use Windows. So it provides an efficient platform for penetration testing on the Windows platform. Check out demo video: Easy ...

7.1 AI score
Exploits: 0
OSV
added 2015/06/02 2:59 p.m. | 2 views

UBUNTU-CVE-2015-4050

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...

4.3 CVSS | 5.8 AI score | 0.76192 EPSS
Exploits: 0 | References: 3